nvd-json-data-feeds/CVE-2007/CVE-2007-08xx/CVE-2007-0892.json

{
  "id": "CVE-2007-0892",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2007-02-12T23:28:00.000",
  "lastModified": "2024-11-21T00:26:59.557",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with \"FILE:\"."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n CRLF en phpMyVisites anterior a 2.2 permite a atacantes remotos inyectar cabeceras HTTP de su elecci\u00f3n y conducir respuestas HTTP dividiendo ataques a trav\u00e9s de secuencias CRLF en el par\u00e1metro url, cuando el par\u00e1metro pagename comienza con \"FILE:\"."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "baseScore": 7.5,
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL"
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-93"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "2.1",
              "matchCriteriaId": "1F3EA8EE-BB15-477E-8264-F0A7A08C57A7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:0.1_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B94A2BE-746A-4306-A255-AA7687D63433"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E10F69FD-5578-4D84-98D5-30C2FF951A57"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "94EE3865-3F82-4607-B73F-3FC8EFCB4DD1"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EBB328F-120A-4C98-94A7-4643BE7C23DE"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "183D3FFD-A4CB-42C8-978E-1608387CECD4"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "74EB894E-25B8-4E74-83DF-741B27D739A7"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.2_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "4753A788-14D5-438D-AB16-E1DA0E6A1934"
            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:matthieu_aubry:phpmyvisites:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA73BFE8-81FF-4D4F-B290-05FBE6CF9BFA"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "http://marc.info/?l=full-disclosure&m=117121596803908&w=2",
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://osvdb.org/33177",
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ]
    },
    {
      "url": "http://www.securityfocus.com/archive/1/459792/100/0/threaded",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32428",
      "source": "cve@mitre.org"
    },
    {
      "url": "http://marc.info/?l=full-disclosure&m=117121596803908&w=2",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "http://osvdb.org/33177",
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ]
    },
    {
      "url": "http://www.securityfocus.com/archive/1/459792/100/0/threaded",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32428",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
}